コード例 #1
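 /**
  * Signs an AuthnRequest, round-trips it through a file on disk, and verifies
  * the enveloped signature on the deserialized copy.
  *
  * The verification key is built from the SP certificate file rather than from
  * anything read out of the deserialized message, so a passing check means the
  * document validates against the expected, locally configured certificate.
  */
 public function test__signed_serialize_deserialize()
 {
     $certificatePath = __DIR__ . '/../../../../../../web/sp/saml.crt';

     $certificate = new X509Certificate();
     $certificate->loadFromFile($certificatePath);
     $privateKey = KeyHelper::createPrivateKey(__DIR__ . '/../../../../../../web/sp/saml.key', null, true);

     $authnRequest = new AuthnRequest();
     $authnRequest->setID('_894da3368874d2dd637983b6812f66c444f100f205');
     $authnRequest->setIssueInstant('2015-09-13T11:47:33Z');
     $authnRequest->setDestination('https://idp.testshib.org/idp/profile/SAML2/POST/SSO');
     $authnRequest->setIssuer((new Issuer())->setValue('https://mt.evo.loc/sp')->setFormat('urn:oasis:names:tc:SAML:2.0:nameid-format:entity'));
     $authnRequest->setSignature(new SignatureWriter($certificate, $privateKey));

     $serializationContext = new SerializationContext();
     $authnRequest->serialize($serializationContext->getDocument(), $serializationContext);

     $temporaryFilename = tempnam(sys_get_temp_dir(), 'lightsaml-');
     if ($temporaryFilename === false) {
         $this->fail('Unable to create a temporary file for the serialized AuthnRequest');
     }
     $saved = $serializationContext->getDocument()->save($temporaryFilename);
     $xml = $saved === false ? false : file_get_contents($temporaryFilename);
     // Delete the file as soon as it has been read back: the original left one
     // signed request behind in the shared temp directory on every run.
     unlink($temporaryFilename);
     $this->assertNotEmpty($xml, 'Serialized AuthnRequest could not be written or read back');

     $deserializationContext = new DeserializationContext();
     $deserializationContext->getDocument()->loadXML($xml);
     $authnRequest = new AuthnRequest();
     $authnRequest->deserialize($deserializationContext->getDocument()->firstChild, $deserializationContext);

     $signatureReader = $authnRequest->getSignature();
     if (!$signatureReader instanceof SignatureXmlReader) {
         throw new \LogicException('Expected Signature Xml Reader');
     }

     // Load the certificate again from disk so the verification key does not
     // share state with the object that was handed to the SignatureWriter.
     $certificate = new X509Certificate();
     $certificate->loadFromFile($certificatePath);
     $key = KeyHelper::createPublicKey($certificate);
     $ok = $signatureReader->validate($key);
     $this->assertTrue($ok);
 }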
コード例 #2
 /**
  * Sends an AuthnRequest through the HTTP-Redirect binding and checks the
  * resulting redirect URL: destination, query parameters, the exact encoded
  * request and signature, and that the encoded request decodes back to the
  * same ID and issue instant.
  *
  * The SAMLRequest and Signature values are compared byte-for-byte, so they
  * only hold while the fixture message, the signing key and the deflate output
  * stay identical. NOTE(review): the fixture comes from getAuthnRequest(),
  * which is not visible here; presumably it also supplies the signing
  * credential. Confirm before changing the expected values.
  */
 public function test__send_authn_request()
 {
     $expectedDestination = 'https://destination.com/auth';
     $expectedRelayState = 'relayState';

     $request = $this->getAuthnRequest();
     $request->setRelayState($expectedRelayState);
     $request->setDestination($expectedDestination);

     $messageContext = new MessageContext();
     $messageContext->setMessage($request);

     // The binding must announce the outgoing message exactly once, and the
     // event subject must be the serialized AuthnRequest XML.
     $dispatcher = $this->getEventDispatcherMock();
     $dispatcher->expects($this->once())
         ->method('dispatch')
         ->willReturnCallback(function ($name, GenericEvent $event) {
             $this->assertEquals(Events::BINDING_MESSAGE_SENT, $name);
             $subject = $event->getSubject();
             $this->assertNotEmpty($subject);
             $sentDocument = new \DOMDocument();
             $sentDocument->loadXML($event->getSubject());
             $this->assertEquals('AuthnRequest', $sentDocument->firstChild->localName);
         });

     $binding = new HttpRedirectBinding();
     $binding->setEventDispatcher($dispatcher);
     $this->assertSame($dispatcher, $binding->getEventDispatcher());

     /** @var RedirectResponse $response */
     $response = $binding->send($messageContext);
     $this->assertInstanceOf('Symfony\\Component\\HttpFoundation\\RedirectResponse', $response);

     $targetUrl = $response->getTargetUrl();
     $this->assertNotEmpty($targetUrl);

     $urlParts = parse_url($targetUrl);
     $actualDestination = sprintf('%s://%s%s', $urlParts['scheme'], $urlParts['host'], $urlParts['path']);
     $this->assertEquals($expectedDestination, $actualDestination);

     $params = [];
     parse_str($urlParts['query'], $params);
     foreach (['SAMLRequest', 'RelayState', 'SigAlg', 'Signature'] as $requiredParameter) {
         $this->assertArrayHasKey($requiredParameter, $params);
     }

     $this->assertEquals('RY/NCsIwEITvPkXI3TaptY3BKkIvBb2oePAiMUmxYBPtbsXHdxFEGBgY5tuf5frd39nLD9DFUHGZCL5eTZabEW9h75+jB2TUCFDxcQg6GuhAB9N70Gj1YbPb6iwR+jFEjDbeOWvqil+Us7ZYqHlbuEU7IxfXq8vnReZblSvfzowvlVOlKzk7/XbTHMIBRt8EQBOQIiHzqZCko8y0EKQzZzUd1QWDX+qG+ACdpu4fJjb2qaEPeLqafAA=', $params['SAMLRequest']);
     $this->assertEquals($expectedRelayState, $params['RelayState']);
     // The signature algorithm pinned for this fixture is RSA with SHA-1; the
     // expected Signature value below is tied to that algorithm and must be
     // regenerated if the algorithm is ever changed.
     $this->assertEquals('http://www.w3.org/2000/09/xmldsig#rsa-sha1', $params['SigAlg']);
     $this->assertEquals('tm8dkiHro6oQkvleMAeAIWOLGKn116VVs/lRM+QpeR3YuKCjXcNFhI4xIunGYhfF+f2Li0GNdh6PqoyX3YVd7KVbm5hDTstJwx+PRYzMiBqwNMB5wCTtbZMiBiYbCT28ANU9ObWnYXbfKVNQJq/z8Uj2PFPXr+gVy30ttIXlHFKmGnYAwrlTEEYRDZ4clJ2tNEIxHZwwqHuPy1sd2xdWT8uKHJeRxTbvF2Vzw6ytzFeyQBIIPy/lk46czhi5a8uOb89y0XrDgSqHlwv2Vk/a5iWdYla235vWjAfuKSj6wD9Z0PnyNVPxlCl4B2bnRCWq1XBzYwsS12RYvd0vhO8DEA==', $params['Signature']);

     // Undo the redirect encoding (base64, then raw DEFLATE) to recover the
     // XML that was actually put on the wire.
     $decodedRequest = base64_decode($params['SAMLRequest']);
     $xml = gzinflate($decodedRequest);

     $context = new DeserializationContext();
     $context->getDocument()->loadXML($xml);
     $receivedAuthnRequest = new AuthnRequest();
     $receivedAuthnRequest->deserialize($context->getDocument()->firstChild, $context);

     $this->assertEquals($request->getID(), $receivedAuthnRequest->getID());
     $this->assertEquals($request->getIssueInstantTimestamp(), $receivedAuthnRequest->getIssueInstantTimestamp());
 }